I’m currently trying to write a playbook in order to automate the process of importing an identity certificate into a Cisco IOS device. The issue is that after issuing the command "crypto pki import {{ trustpoint }} certificate", the task will either time out because it’s waiting on the certificate to be pasted in with the ios_config module, or Ansible is adding an additional return character somewhere, essentially exiting out before the certificate is delivered with the ios_command or cli_command modules.
```yaml
- name: Get Identity Certificate
  set_fact:
    idcert: >
      {{ (lookup('file', s2s_tp_identity_cert_file)) }}

- name: Import identity certificate
  ansible.netcommon.cli_command:
    command: "{{ item }}"
    prompt: ".*itself.*"
    answer: "{{ idcert }}"
  loop:
    - "config t"
    - "crypto pki import TEST-TP certificate"
```
Result:
```
TASK [roles/ansible.role.cisco-8k-generate-csr : Import identity certificate] **************
ok: [gry-s2s-02] => (item=config t)
failed: [gry-s2s-02] (item=crypto pki import OVPN_NPE_PROD certificate) => {"ansible_loop_var": "item", "changed": false, "item": "crypto pki import OVPN_NPE_PROD certificate", "msg": "rse or verify imported certificate\r\n\r\ngry-s2s-02(config)#MIICljCCAhygAwIBAgIURvT6AAAAAAAAAAAAAAAAAAAAAIYwCgYIKoZIzj0EAwMw\r\nMIICljCCAhygAwIBAgIURvT6AAAAAAAAAAAAAAAAAAAAAIYwCgYIKoZIzj0EAwMw\r\n ^\r\n% Invalid input detected at '^' marker.\r\n\r\ngry-s2s-02(config)#"}
```
If I use the ios_config module, it’ll time out after issuing the crypto command.
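
One thing worth ruling out for the "additional return character" symptom is the certificate text itself. The sketch below is an added example, not part of the original post: an Ansible filter plugin that normalises the file before it is used as the `answer`. The file name and the filter name `ios_cert_payload` are hypothetical, and it assumes the IOS import prompt ends input at a blank line or at the word "quit" on a line by itself.

```python
# filter_plugins/ios_pem.py (hypothetical file name; added example, not from the post)
import base64

HEADERS = ("-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----")


def ios_cert_payload(text, terminator="quit"):
    """Normalise a certificate file into the exact text to send at the import prompt.

    Blank lines are removed because the prompt treats one as end of input,
    and the result has no trailing newline, so the only final line is the
    explicit terminator.
    """
    # Treat CR, LF and CRLF alike; CRLF becomes two breaks, one of them blank.
    lines = [ln.strip() for ln in text.replace("\r", "\n").split("\n")]
    lines = [ln for ln in lines if ln]            # drop blank lines anywhere
    # Validate everything except the optional PEM header and footer lines.
    body = "".join(ln for ln in lines if ln not in HEADERS)
    der = base64.b64decode(body, validate=True)   # raises ValueError on junk
    if not der.startswith(b"\x30"):               # X.509 DER opens with SEQUENCE
        raise ValueError("decoded data is not a DER certificate")
    return "\n".join(lines + [terminator])


class FilterModule(object):
    """Expose the function to Ansible as the `ios_cert_payload` filter."""

    def filters(self):
        return {"ios_cert_payload": ios_cert_payload}


if __name__ == "__main__":
    # Constructed sample: fake DER bytes, CRLF line endings, stray blank lines.
    b64 = base64.b64encode(b"\x30\x82\x00\x60" + bytes(96)).decode()
    sample = ("\r\n" + HEADERS[0] + "\r\n" + b64[:64] + "\r\n\r\n"
              + b64[64:] + "\r\n" + HEADERS[1] + "\r\n\r\n")
    print(ios_cert_payload(sample))
```

With the plugin in the role's `filter_plugins` directory, the answer would be written as `answer: "{{ lookup('file', s2s_tp_identity_cert_file) | ios_cert_payload }}"`, which also avoids the trailing newline that the folded `>` scalar appends.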